Lucene search

K

TianoCoreVULNRICHMENT:CVE-2023-45231

HistoryJan 16, 2024 - 4:09 p.m.

CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package

2024-01-1616:09:47

CWE-125

TianoCore

github.com

1

edk ii network package

out-of-bounds read

cve-2023-45231

vulnerability

unauthorized access

confidentiality loss

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

EDK2’s Network Package is susceptible to an out-of-bounds read
vulnerability when processing Neighbor Discovery Redirect message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.

References

packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

www.openwall.com/lists/oss-security/2024/01/16/2

github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

security.netapp.com/advisory/ntap-20240307-0011/

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2023-45231

cbl_mariner2 ubuntucve1 redhatcve1 cvelist1 prion1 debiancve1 nvd1 cve1 alpinelinux1 nessus21 amazon1 rocky1 osv13 redhat7 almalinux2 oraclelinux7 openvas6 thn1 ubuntu1 fedora1 debian1 cert1 redos1